./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3842517555 <...> forked to background, child pid 4658 [ 29.784090][ T4659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.797790][ T4659] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: [ 30.156239][ T4736] sshd (4736) used greatest stack depth: 20736 bytes left OK syzkaller Warning: Permanently added '10.128.0.103' (ECDSA) to the list of known hosts. execve("./syz-executor3842517555", ["./syz-executor3842517555"], 0x7ffff02009c0 /* 10 vars */) = 0 brk(NULL) = 0x555555f46000 brk(0x555555f46c40) = 0x555555f46c40 arch_prctl(ARCH_SET_FS, 0x555555f46300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555f465d0) = 4990 set_robust_list(0x555555f465e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f8b3d6afb00, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f8b3d6b01d0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f8b3d6afba0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8b3d6b01d0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3842517555", 4096) = 28 brk(0x555555f67c40) = 0x555555f67c40 brk(0x555555f68000) = 0x555555f68000 mprotect(0x7f8b3d772000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=784, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=4990}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x2e\x00\x00\x00\x98\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 784 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4990}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 access("/proc/net", R_OK) = 0 access("/proc/net/unix", R_OK) = 0 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4990}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4990}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4990}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4990}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=4990}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 getpid() = 4990 mkdir("./syzkaller.saBT3v", 0700) = 0 chmod("./syzkaller.saBT3v", 0777) = 0 chdir("./syzkaller.saBT3v") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f465d0) = 4993 ./strace-static-x86_64: Process 4993 attached [pid 4993] set_robust_list(0x555555f465e0, 24) = 0 [pid 4993] chdir("./0") = 0 [pid 4993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4993] setpgid(0, 0) = 0 [pid 4993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4993] write(3, "1000", 4) = 4 [pid 4993] close(3) = 0 [pid 4993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4993] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b3d67e000 [pid 4993] mprotect(0x7f8b3d67f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4993] clone(child_stack=0x7f8b3d69e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4994], tls=0x7f8b3d69e700, child_tidptr=0x7f8b3d69e9d0) = 4994 [pid 4993] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4993] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4994 attached [pid 4994] set_robust_list(0x7f8b3d69e9e0, 24) = 0 [pid 4994] memfd_create("syzkaller", 0) = 3 [pid 4994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8b3527e000 [pid 4994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 4994] munmap(0x7f8b3527e000, 4194304) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 syzkaller login: [ 56.131937][ T4994] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4994 'syz-executor384' [pid 4994] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4994] close(3) = 0 [pid 4994] mkdir("./file0", 0777) = 0 [ 56.181372][ T4994] loop0: detected capacity change from 0 to 8192 [ 56.193531][ T4994] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 56.206663][ T4994] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 56.216271][ T4994] REISERFS (device loop0): using ordered data mode [ 56.223013][ T4994] reiserfs: using flush barriers [ 56.229148][ T4994] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 56.245995][ T4994] REISERFS (device loop0): checking transaction log (loop0) [pid 4994] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 4994] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4994] chdir("./file0") = 0 [pid 4994] ioctl(4, LOOP_CLR_FD) = 0 [pid 4994] close(4) = 0 [pid 4994] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4993] <... futex resumed>) = 0 [pid 4993] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4993] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4994] <... futex resumed>) = 1 [pid 4994] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 4994] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4993] <... futex resumed>) = 0 [pid 4993] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4993] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4994] <... futex resumed>) = 1 [pid 4994] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 4994] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4993] <... futex resumed>) = 0 [pid 4993] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4993] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4994] <... futex resumed>) = 1 [pid 4994] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 4994] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4993] <... futex resumed>) = 0 [pid 4993] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4993] futex(0x7f8b3d7787bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b3565d000 [pid 4993] mprotect(0x7f8b3565e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4993] clone(child_stack=0x7f8b3567d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4996], tls=0x7f8b3567d700, child_tidptr=0x7f8b3567d9d0) = 4996 [pid 4993] futex(0x7f8b3d7787b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4993] futex(0x7f8b3d7787bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4994] <... futex resumed>) = 1 [pid 4994] ftruncate(4, 3976) = 0 [pid 4994] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4994] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 4996 attached [pid 4996] set_robust_list(0x7f8b3567d9e0, 24) = 0 [pid 4996] ftruncate(4, 3617) = 0 [pid 4996] futex(0x7f8b3d7787bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4993] <... futex resumed>) = 0 [pid 4993] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4993] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4994] <... futex resumed>) = 0 [pid 4994] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 6 [pid 4994] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4993] <... futex resumed>) = 0 [pid 4993] exit_group(0) = ? [pid 4994] <... futex resumed>) = ? [pid 4994] +++ exited with 0 +++ [pid 4996] <... futex resumed>) = ? [pid 4996] +++ exited with 0 +++ [pid 4993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4993, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 56.291579][ T4994] REISERFS (device loop0): Using r5 hash to sort names [ 56.298693][ T4994] REISERFS (device loop0): using 3.5.x disk format [ 56.306721][ T4994] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f47620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f4f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f4f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555555f47620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f465d0) = 4997 ./strace-static-x86_64: Process 4997 attached [pid 4997] set_robust_list(0x555555f465e0, 24) = 0 [pid 4997] chdir("./1") = 0 [pid 4997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4997] setpgid(0, 0) = 0 [pid 4997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4997] write(3, "1000", 4) = 4 [pid 4997] close(3) = 0 [pid 4997] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4997] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b3d67e000 [pid 4997] mprotect(0x7f8b3d67f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4997] clone(child_stack=0x7f8b3d69e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4998], tls=0x7f8b3d69e700, child_tidptr=0x7f8b3d69e9d0) = 4998 ./strace-static-x86_64: Process 4998 attached [pid 4998] set_robust_list(0x7f8b3d69e9e0, 24) = 0 [pid 4998] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4997] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4998] <... futex resumed>) = 0 [pid 4998] memfd_create("syzkaller", 0 [pid 4997] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4998] <... memfd_create resumed>) = 3 [pid 4998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8b3527e000 [pid 4998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 4998] munmap(0x7f8b3527e000, 4194304) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4998] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4998] close(3) = 0 [pid 4998] mkdir("./file0", 0777) = 0 [ 56.474277][ T4998] loop0: detected capacity change from 0 to 8192 [ 56.485493][ T4998] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 56.498631][ T4998] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 56.507903][ T4998] REISERFS (device loop0): using ordered data mode [ 56.514563][ T4998] reiserfs: using flush barriers [ 56.520704][ T4998] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 56.537057][ T4998] REISERFS (device loop0): checking transaction log (loop0) [pid 4998] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 4998] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4998] chdir("./file0") = 0 [pid 4998] ioctl(4, LOOP_CLR_FD) = 0 [pid 4998] close(4) = 0 [pid 4998] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4997] <... futex resumed>) = 0 [pid 4998] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4997] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4997] <... futex resumed>) = 0 [pid 4998] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4997] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... openat resumed>) = 4 [pid 4998] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4997] <... futex resumed>) = 0 [pid 4998] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4997] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4997] <... futex resumed>) = 0 [pid 4998] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191 [pid 4997] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... write resumed>) = 65191 [pid 4998] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... futex resumed>) = 0 [pid 4997] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4997] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... futex resumed>) = 1 [pid 4998] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 4998] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... futex resumed>) = 0 [pid 4997] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4997] futex(0x7f8b3d7787bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4997] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b3565d000 [pid 4997] mprotect(0x7f8b3565e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4997] clone(child_stack=0x7f8b3567d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5000 attached , parent_tid=[5000], tls=0x7f8b3567d700, child_tidptr=0x7f8b3567d9d0) = 5000 [pid 4997] futex(0x7f8b3d7787b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... futex resumed>) = 1 [pid 4997] <... futex resumed>) = 0 [pid 4998] ftruncate(4, 3976 [pid 4997] futex(0x7f8b3d7787bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5000] set_robust_list(0x7f8b3567d9e0, 24 [pid 4998] <... ftruncate resumed>) = 0 [pid 4998] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... set_robust_list resumed>) = 0 [pid 4998] <... futex resumed>) = 0 [pid 4998] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5000] ftruncate(4, 3617) = 0 [pid 5000] futex(0x7f8b3d7787bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... futex resumed>) = 0 [ 56.576785][ T4998] REISERFS (device loop0): Using r5 hash to sort names [ 56.583808][ T4998] REISERFS (device loop0): using 3.5.x disk format [ 56.590718][ T4998] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 4997] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4998] <... futex resumed>) = 0 [pid 4997] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5000] <... futex resumed>) = 1 [pid 4998] <... open resumed>) = 6 [pid 5000] futex(0x7f8b3d7787b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4998] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... futex resumed>) = 0 [pid 4997] exit_group(0 [pid 5000] <... futex resumed>) = ? [pid 4997] <... exit_group resumed>) = ? [pid 5000] +++ exited with 0 +++ [pid 4998] <... futex resumed>) = ? [pid 4998] +++ exited with 0 +++ [pid 4997] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4997, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f47620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f4f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f4f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555555f47620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f465d0) = 5001 ./strace-static-x86_64: Process 5001 attached [pid 5001] set_robust_list(0x555555f465e0, 24) = 0 [pid 5001] chdir("./2") = 0 [pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5001] setpgid(0, 0) = 0 [pid 5001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1000", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5001] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b3d67e000 [pid 5001] mprotect(0x7f8b3d67f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5001] clone(child_stack=0x7f8b3d69e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5002 attached [pid 5002] set_robust_list(0x7f8b3d69e9e0, 24) = 0 [pid 5002] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] <... clone resumed>, parent_tid=[5002], tls=0x7f8b3d69e700, child_tidptr=0x7f8b3d69e9d0) = 5002 [pid 5001] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5002] <... futex resumed>) = 0 [pid 5002] memfd_create("syzkaller", 0 [pid 5001] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5002] <... memfd_create resumed>) = 3 [pid 5002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8b3527e000 [pid 5002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5002] munmap(0x7f8b3527e000, 4194304) = 0 [pid 5002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5002] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5002] close(3) = 0 [pid 5002] mkdir("./file0", 0777) = 0 [ 56.759718][ T5002] loop0: detected capacity change from 0 to 8192 [ 56.771014][ T5002] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 56.784058][ T5002] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 56.793537][ T5002] REISERFS (device loop0): using ordered data mode [ 56.800362][ T5002] reiserfs: using flush barriers [ 56.806599][ T5002] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 56.823294][ T5002] REISERFS (device loop0): checking transaction log (loop0) [pid 5002] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5002] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5002] chdir("./file0") = 0 [pid 5002] ioctl(4, LOOP_CLR_FD) = 0 [pid 5002] close(4) = 0 [pid 5002] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5002] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5001] <... futex resumed>) = 0 [pid 5002] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5001] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... openat resumed>) = 4 [pid 5002] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5002] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5001] <... futex resumed>) = 0 [pid 5002] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191 [pid 5001] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... write resumed>) = 65191 [pid 5002] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... futex resumed>) = 1 [pid 5002] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5002] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5002] ftruncate(4, 3976 [ 56.868186][ T5002] REISERFS (device loop0): Using r5 hash to sort names [ 56.875174][ T5002] REISERFS (device loop0): using 3.5.x disk format [ 56.882033][ T5002] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5001] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... ftruncate resumed>) = 0 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f8b3d7787bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b3565d000 [pid 5001] mprotect(0x7f8b3565e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5001] clone(child_stack=0x7f8b3567d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5004], tls=0x7f8b3567d700, child_tidptr=0x7f8b3567d9d0) = 5004 [pid 5002] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] futex(0x7f8b3d7787b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = 0 [pid 5001] <... futex resumed>) = 0 [pid 5002] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] futex(0x7f8b3d7787bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5004 attached [pid 5004] set_robust_list(0x7f8b3567d9e0, 24) = 0 [pid 5004] ftruncate(4, 3617) = 0 [pid 5004] futex(0x7f8b3d7787bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = 0 [pid 5004] futex(0x7f8b3d7787b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] <... futex resumed>) = 1 [pid 5002] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5001] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... open resumed>) = 6 [pid 5002] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5002] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] exit_group(0) = ? [pid 5004] <... futex resumed>) = ? [pid 5004] +++ exited with 0 +++ [pid 5002] <... futex resumed>) = ? [pid 5002] +++ exited with 0 +++ [pid 5001] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5001, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f47620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f4f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f4f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555555f47620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f465d0) = 5005 ./strace-static-x86_64: Process 5005 attached [pid 5005] set_robust_list(0x555555f465e0, 24) = 0 [pid 5005] chdir("./3") = 0 [pid 5005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5005] setpgid(0, 0) = 0 [pid 5005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5005] write(3, "1000", 4) = 4 [pid 5005] close(3) = 0 [pid 5005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5005] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b3d67e000 [pid 5005] mprotect(0x7f8b3d67f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5005] clone(child_stack=0x7f8b3d69e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5006 attached [pid 5006] set_robust_list(0x7f8b3d69e9e0, 24) = 0 [pid 5005] <... clone resumed>, parent_tid=[5006], tls=0x7f8b3d69e700, child_tidptr=0x7f8b3d69e9d0) = 5006 [pid 5006] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5005] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5006] memfd_create("syzkaller", 0) = 3 [pid 5006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8b3527e000 [pid 5006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5006] munmap(0x7f8b3527e000, 4194304) = 0 [pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5006] close(3) = 0 [pid 5006] mkdir("./file0", 0777) = 0 [ 57.053531][ T5006] loop0: detected capacity change from 0 to 8192 [ 57.064371][ T5006] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 57.077751][ T5006] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 57.087092][ T5006] REISERFS (device loop0): using ordered data mode [ 57.093849][ T5006] reiserfs: using flush barriers [ 57.099818][ T5006] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 57.116842][ T5006] REISERFS (device loop0): checking transaction log (loop0) [pid 5006] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5006] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5006] chdir("./file0") = 0 [pid 5006] ioctl(4, LOOP_CLR_FD) = 0 [pid 5006] close(4) = 0 [pid 5006] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... futex resumed>) = 1 [pid 5006] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5006] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... futex resumed>) = 1 [pid 5006] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5006] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... futex resumed>) = 1 [pid 5006] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5006] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7f8b3d7787bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b3565d000 [pid 5005] mprotect(0x7f8b3565e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5005] clone(child_stack=0x7f8b3567d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5008 attached , parent_tid=[5008], tls=0x7f8b3567d700, child_tidptr=0x7f8b3567d9d0) = 5008 [pid 5008] set_robust_list(0x7f8b3567d9e0, 24 [pid 5005] futex(0x7f8b3d7787b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... set_robust_list resumed>) = 0 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7f8b3d7787bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... futex resumed>) = 1 [pid 5008] ftruncate(4, 3617 [pid 5006] ftruncate(4, 3976 [pid 5008] <... ftruncate resumed>) = 0 [pid 5006] <... ftruncate resumed>) = 0 [pid 5006] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] futex(0x7f8b3d7787bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5008] futex(0x7f8b3d7787b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5005] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... futex resumed>) = 0 [pid 5005] <... futex resumed>) = 1 [pid 5006] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [ 57.162518][ T5006] REISERFS (device loop0): Using r5 hash to sort names [ 57.169407][ T5006] REISERFS (device loop0): using 3.5.x disk format [ 57.176646][ T5006] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5005] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... open resumed>) = 6 [pid 5006] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5006] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5005] exit_group(0 [pid 5008] <... futex resumed>) = ? [pid 5006] <... futex resumed>) = ? [pid 5005] <... exit_group resumed>) = ? [pid 5008] +++ exited with 0 +++ [pid 5006] +++ exited with 0 +++ [pid 5005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5005, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f47620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f4f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f4f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555555f47620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f465d0) = 5009 ./strace-static-x86_64: Process 5009 attached [pid 5009] set_robust_list(0x555555f465e0, 24) = 0 [pid 5009] chdir("./4") = 0 [pid 5009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5009] setpgid(0, 0) = 0 [pid 5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5009] write(3, "1000", 4) = 4 [pid 5009] close(3) = 0 [pid 5009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5009] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b3d67e000 [pid 5009] mprotect(0x7f8b3d67f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5009] clone(child_stack=0x7f8b3d69e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5010 attached , parent_tid=[5010], tls=0x7f8b3d69e700, child_tidptr=0x7f8b3d69e9d0) = 5010 [pid 5009] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5010] set_robust_list(0x7f8b3d69e9e0, 24) = 0 [pid 5010] memfd_create("syzkaller", 0) = 3 [pid 5010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8b3527e000 [pid 5010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5010] munmap(0x7f8b3527e000, 4194304) = 0 [pid 5010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5010] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5010] close(3) = 0 [pid 5010] mkdir("./file0", 0777) = 0 [ 57.334462][ T5010] loop0: detected capacity change from 0 to 8192 [ 57.344814][ T5010] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 57.358103][ T5010] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 57.367534][ T5010] REISERFS (device loop0): using ordered data mode [ 57.374502][ T5010] reiserfs: using flush barriers [ 57.380626][ T5010] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 57.397003][ T5010] REISERFS (device loop0): checking transaction log (loop0) [pid 5010] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5010] chdir("./file0") = 0 [pid 5010] ioctl(4, LOOP_CLR_FD) = 0 [pid 5010] close(4) = 0 [pid 5010] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5009] <... futex resumed>) = 0 [pid 5010] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5009] <... futex resumed>) = 0 [pid 5010] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5009] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... openat resumed>) = 4 [pid 5010] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5009] <... futex resumed>) = 0 [pid 5010] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5009] <... futex resumed>) = 0 [pid 5010] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191 [pid 5009] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... write resumed>) = 65191 [pid 5010] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = 0 [pid 5009] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] <... futex resumed>) = 1 [pid 5009] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5010] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5009] <... futex resumed>) = 0 [pid 5010] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5009] <... futex resumed>) = 0 [pid 5010] ftruncate(4, 3976 [pid 5009] futex(0x7f8b3d7787bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5010] <... ftruncate resumed>) = 0 [pid 5009] <... mmap resumed>) = 0x7f8b3565d000 [pid 5010] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] mprotect(0x7f8b3565e000, 131072, PROT_READ|PROT_WRITE [pid 5010] <... futex resumed>) = 0 [pid 5009] <... mprotect resumed>) = 0 [pid 5010] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] clone(child_stack=0x7f8b3567d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5012 attached [pid 5012] set_robust_list(0x7f8b3567d9e0, 24 [pid 5009] <... clone resumed>, parent_tid=[5012], tls=0x7f8b3567d700, child_tidptr=0x7f8b3567d9d0) = 5012 [ 57.437253][ T5010] REISERFS (device loop0): Using r5 hash to sort names [ 57.444407][ T5010] REISERFS (device loop0): using 3.5.x disk format [ 57.451254][ T5010] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5012] <... set_robust_list resumed>) = 0 [pid 5009] futex(0x7f8b3d7787b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] ftruncate(4, 3617 [pid 5009] <... futex resumed>) = 0 [pid 5012] <... ftruncate resumed>) = 0 [pid 5009] futex(0x7f8b3d7787bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] futex(0x7f8b3d7787bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5012] <... futex resumed>) = 0 [pid 5009] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] futex(0x7f8b3d7787b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] <... futex resumed>) = 0 [pid 5009] <... futex resumed>) = 1 [pid 5010] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5009] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... open resumed>) = 6 [pid 5010] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = 0 [pid 5010] <... futex resumed>) = 1 [pid 5010] futex(0x7f8b3d7787a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] exit_group(0 [pid 5012] <... futex resumed>) = ? [pid 5010] <... futex resumed>) = ? [pid 5009] <... exit_group resumed>) = ? [pid 5010] +++ exited with 0 +++ [pid 5012] +++ exited with 0 +++ [pid 5009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5009, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555f47620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555f4f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f4f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555555f47620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f465d0) = 5013 ./strace-static-x86_64: Process 5013 attached [pid 5013] set_robust_list(0x555555f465e0, 24) = 0 [pid 5013] chdir("./5") = 0 [pid 5013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5013] setpgid(0, 0) = 0 [pid 5013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5013] write(3, "1000", 4) = 4 [pid 5013] close(3) = 0 [pid 5013] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5013] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b3d67e000 [pid 5013] mprotect(0x7f8b3d67f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5013] clone(child_stack=0x7f8b3d69e3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5014 attached , parent_tid=[5014], tls=0x7f8b3d69e700, child_tidptr=0x7f8b3d69e9d0) = 5014 [pid 5014] set_robust_list(0x7f8b3d69e9e0, 24 [pid 5013] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... set_robust_list resumed>) = 0 [pid 5013] <... futex resumed>) = 0 [pid 5013] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5014] memfd_create("syzkaller", 0) = 3 [pid 5014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8b3527e000 [pid 5014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5014] munmap(0x7f8b3527e000, 4194304) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5014] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5014] close(3) = 0 [pid 5014] mkdir("./file0", 0777) = 0 [ 57.633486][ T5014] loop0: detected capacity change from 0 to 8192 [ 57.645322][ T5014] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 57.658509][ T5014] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 57.667999][ T5014] REISERFS (device loop0): using ordered data mode [ 57.674789][ T5014] reiserfs: using flush barriers [ 57.680717][ T5014] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 57.697293][ T5014] REISERFS (device loop0): checking transaction log (loop0) [pid 5014] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5014] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5014] chdir("./file0") = 0 [pid 5014] ioctl(4, LOOP_CLR_FD) = 0 [pid 5014] close(4) = 0 [pid 5014] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] <... futex resumed>) = 0 [pid 5013] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... futex resumed>) = 1 [pid 5014] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5014] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] <... futex resumed>) = 0 [pid 5013] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... futex resumed>) = 1 [ 57.741142][ T5014] REISERFS (device loop0): Using r5 hash to sort names [ 57.748622][ T5014] REISERFS (device loop0): using 3.5.x disk format [ 57.755819][ T5014] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5014] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5014] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] <... futex resumed>) = 0 [pid 5013] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] futex(0x7f8b3d7787ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... futex resumed>) = 1 [pid 5014] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5014] futex(0x7f8b3d7787ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] <... futex resumed>) = 0 [pid 5013] futex(0x7f8b3d7787a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] futex(0x7f8b3d7787bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5013] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8b3565d000 [pid 5013] mprotect(0x7f8b3565e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5013] clone(child_stack=0x7f8b3567d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5016 attached , parent_tid=[5016], tls=0x7f8b3567d700, child_tidptr=0x7f8b3567d9d0) = 5016 [pid 5016] set_robust_list(0x7f8b3567d9e0, 24 [pid 5013] futex(0x7f8b3d7787b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... set_robust_list resumed>) = 0 [pid 5013] <... futex resumed>) = 0 [pid 5016] ftruncate(4, 3617 [pid 5013] futex(0x7f8b3d7787bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... futex resumed>) = 1 [pid 5016] <... ftruncate resumed>) = 0 [pid 5016] futex(0x7f8b3d7787bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5013] <... futex resumed>) = 0 [pid 5016] futex(0x7f8b3d7787b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5013] futex(0x7f8b3d7787b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5013] <... futex resumed>) = 0 [pid 5016] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5013] futex(0x7f8b3d7787bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] ftruncate(4, 3976 [pid 5016] <... open resumed>) = 6 [pid 5016] futex(0x7f8b3d7787bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5013] <... futex resumed>) = 0 [ 57.814527][ T5014] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2 [ 57.830732][ T5014] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 57.841758][ T5014] REISERFS (device loop0): Remounting filesystem read-only [ 57.849330][ T5014] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN [ 57.861037][ T5014] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 57.869435][ T5014] CPU: 0 PID: 5014 Comm: syz-executor384 Not tainted 6.3.0-syzkaller-12049-g58390c8ce1bd #0 [ 57.879590][ T5014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 57.889660][ T5014] RIP: 0010:direct2indirect+0x95b/0x1840 [ 57.895344][ T5014] Code: 49 c1 e7 04 4a 8d 5c 39 08 48 89 d8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 3d 03 00 00 48 63 1b 49 83 c5 28 4c 89 e8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ef e8 87 9a b2 ff 48 ba 00 00 00 00 00 fc [ 57.915744][ T5014] RSP: 0018:ffffc90003bef0a0 EFLAGS: 00010206 [ 57.921816][ T5014] RAX: 0000000000000005 RBX: 0000000000000000 RCX: ffffc90003bef678 [ 57.929775][ T5014] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000008 [ 57.937835][ T5014] RBP: ffffc90003bef230 R08: ffffffff8230df7f R09: ffffffff823003fd [ 57.945790][ T5014] R10: 0000000000000002 R11: ffff88801f601dc0 R12: 0000000000000001 [ 57.953748][ T5014] R13: 0000000000000028 R14: 0000000000000000 R15: 0000000000000010 [ 57.961705][ T5014] FS: 00007f8b3d69e700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 57.970623][ T5014] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.977191][ T5014] CR2: 00007f8b3d735e10 CR3: 0000000022b71000 CR4: 00000000003506f0 [ 57.985243][ T5014] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.993208][ T5014] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.001364][ T5014] Call Trace: [ 58.004645][ T5014] [ 58.007568][ T5014] ? r5_hash+0xd0/0xd0 [ 58.011630][ T5014] ? show_alloc_options+0xc00/0xc00 [ 58.016816][ T5014] ? journal_begin+0x1f3/0x360 [ 58.021564][ T5014] ? copy_item_head+0x22/0x30 [ 58.026262][ T5014] reiserfs_get_block+0x4c34/0x5130 [ 58.031463][ T5014] ? make_le_item_head+0x570/0x570 [ 58.036563][ T5014] ? reacquire_held_locks+0x660/0x660 [ 58.041927][ T5014] ? validate_chain+0x119/0x58e0 [ 58.046852][ T5014] ? mark_lock+0x9a/0x340 [ 58.051174][ T5014] ? __lock_acquire+0x1295/0x2000 [ 58.056205][ T5014] ? __lock_acquire+0x1295/0x2000 [ 58.061233][ T5014] ? folio_create_buffers+0xc7/0x250 [ 58.066505][ T5014] __block_write_begin_int+0x548/0x1a50 [ 58.072045][ T5014] ? make_le_item_head+0x570/0x570 [ 58.077323][ T5014] ? PageUptodate+0x290/0x290 [ 58.082003][ T5014] ? folio_test_hugetlb+0xa0/0x1d0 [ 58.087113][ T5014] ? __block_write_begin+0x65/0x160 [ 58.092299][ T5014] ? reiserfs_write_begin+0x183/0x520 [ 58.097664][ T5014] reiserfs_write_begin+0x24d/0x520 [ 58.102870][ T5014] generic_cont_expand_simple+0x18b/0x2a0 [ 58.108590][ T5014] ? submit_bh+0x20/0x20 [ 58.112818][ T5014] ? smk_access+0x477/0x4b0 [ 58.117327][ T5014] ? mutex_lock_nested+0x1b/0x20 [ 58.122256][ T5014] reiserfs_setattr+0x57d/0x1140 [ 58.127202][ T5014] ? reiserfs_commit_write+0x5b0/0x5b0 [ 58.132662][ T5014] ? current_time+0x1e0/0x300 [ 58.137333][ T5014] ? atime_needs_update+0x6d0/0x6d0 [ 58.142520][ T5014] ? evm_inode_setattr+0x100/0x740 [ 58.147616][ T5014] ? bpf_lsm_inode_setattr+0x9/0x10 [ 58.152810][ T5014] ? security_inode_setattr+0xd7/0x130 [ 58.158273][ T5014] ? reiserfs_commit_write+0x5b0/0x5b0 [ 58.163721][ T5014] notify_change+0xc8b/0xf40 [ 58.168306][ T5014] do_truncate+0x220/0x300 [ 58.172797][ T5014] ? put_page_bootmem+0x2e0/0x2e0 [ 58.177821][ T5014] do_sys_ftruncate+0x2e4/0x380 [ 58.182674][ T5014] do_syscall_64+0x41/0xc0 [ 58.187089][ T5014] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.193061][ T5014] RIP: 0033:0x7f8b3d6f2ba9 [ 58.197464][ T5014] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.217151][ T5014] RSP: 002b:00007f8b3d69e2f8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 58.225559][ T5014] RAX: ffffffffffffffda RBX: 00007f8b3d7787a0 RCX: 00007f8b3d6f2ba9 [ 58.233525][ T5014] RDX: 00007f8b3d6f2ba9 RSI: 0000000000000f88 RDI: 0000000000000004 [ 58.241483][ T5014] RBP: 00007f8b3d7451b8 R08: 0000000000000000 R09: 0000000000000000 [ 58.249441][ T5014] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 58.257398][ T5014] R13: 7366726573696572 R14: 6576652e73646970 R15: 00007f8b3d7787a8 [ 58.265362][ T5014] [ 58.268367][ T5014] Modules linked in: [ 58.272604][ T5014] ---[ end trace 0000000000000000 ]--- [ 58.278106][ T5014] RIP: 0010:direct2indirect+0x95b/0x1840 [ 58.283811][ T5014] Code: 49 c1 e7 04 4a 8d 5c 39 08 48 89 d8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85 3d 03 00 00 48 63 1b 49 83 c5 28 4c 89 e8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ef e8 87 9a b2 ff 48 ba 00 00 00 00 00 fc [ 58.303487][ T5014] RSP: 0018:ffffc90003bef0a0 EFLAGS: 00010206 [ 58.309621][ T5014] RAX: 0000000000000005 RBX: 0000000000000000 RCX: ffffc90003bef678 [ 58.317652][ T5014] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000008 [ 58.325667][ T5014] RBP: ffffc90003bef230 R08: ffffffff8230df7f R09: ffffffff823003fd [ 58.333684][ T5014] R10: 0000000000000002 R11: ffff88801f601dc0 R12: 0000000000000001 [ 58.341694][ T5014] R13: 0000000000000028 R14: 0000000000000000 R15: 0000000000000010 [ 58.349682][ T5014] FS: 00007f8b3d69e700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 58.358654][ T5014] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.365268][ T5014] CR2: 00007f8b3d735e10 CR3: 0000000022b71000 CR4: 00000000003506f0 [ 58.373286][ T5014] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.381349][ T5014] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.389344][ T5014] Kernel panic - not syncing: Fatal exception [ 58.395620][ T5014] Kernel Offset: disabled [ 58.399965][ T5014] Rebooting in 86400 seconds..